Table of contents
- Introduction
- Checking TCP connections and listened port numbers using the netstat on Powershell
- Checking UDP connections and open port numbers using the netstat on Powershell
- Checking the process ID or the application which is related to that TCP or UDP port using Netstat on Powershell
- Conclusion
Introduction
Netstat is one of the most useful commands for the Network engineers and system admins for troubleshooting the TCP or UDP port related issues
We can use netstat to check the Active TCP / UDP connections from the system and also to check the process associated with the opened port number or connection
Checking TCP connections and listened port numbers using the netstat on Powershell
To check the both active TCP connections and other TCP ports we are listening to , we can use the netstat with options “-p TCP “ along with options -a ( to show all ports open , or in various stages of the TCP connections ) and -n ( to show in numbers not resolved to hostnames or port names )
In the following example , we are seeing that the local machine is listening on the ports 443 (https ) and port 80 (http ) and the local machine has formed a ssh (22) connection with another machine 192.168.44.154
PS C:\Users\Public\Discovering-systems> netstat -an -p TCP
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.44.1:443 0.0.0.0:0 LISTENING
TCP 192.168.44.1:80 0.0.0.0:0 LISTENING
TCP 192.168.44.1:50205 192.168.44.154:22 ESTABLISHED
.
.Checking UDP connections and open port numbers using the netstat on Powershell
To check the both active UDP connections and other UDP ports which are open , we can use the netstat with options “-p UDP “ along with options -a ( to show all ports open ) and -n ( to show in numbers not resolved to hostnames or port names )
PS C:\Users\Public\Discovering-systems> netstat -an -p UDP
Active Connections
Proto Local Address Foreign Address State
UDP 0.0.0.0:68 *:*
UDP 0.0.0.0:5353 *:*
.
.Checking the process ID or the application which is related to that TCP or UDP port using Netstat on Powershell
To check the process ID which opened or related to an UDP Port , you can use option -o , along with other discussed options in earlier section
PS C:\Users\Public\Discovering-systems> netstat -aon -p UDP
Active Connections
Proto Local Address Foreign Address State PID
UDP 0.0.0.0:68 *:* 1104
UDP 0.0.0.0:5353 *:* 2136
.
.To check the application which opened or related to an UDP Port , you can use option -b , along with other discussed options in earlier section
PS C:\Users\Public\Discovering-systems> netstat -abn -p UDP
Active Connections
Proto Local Address Foreign Address State
UDP 0.0.0.0:68 *:*
Dhcp
UDP 0.0.0.0:5353 *:*
Dnscache
Similarly for the TCP we can check the application which is related to the port
PS C:\Users\Public\Discovering-systems> netstat -abn -p TCP
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.44.1:50274 192.168.44.154:22 ESTABLISHED
[ssh.exe]
.
.Similarly for the TCP we can check the process ID which is related to the port
PS C:\Users\Public\Discovering-systems> netstat -aon -p TCP
Active Connections
Proto Local Address Foreign Address State PID
TCP 192.168.44.1:50274 192.168.44.154:22 ESTABLISHED 2764
.
.Conclusion
In this article we discussed how to check the active TCP / UDP connections and its associated process using Netstat command in Powershell. We can do similar job with the same netstat command in Linux machines as well.
If you are interested in more Windows Powershell related articles please go through the following links